package com.jcl.core.web.filter;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

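/**
 * Servlet filter registered as the application's XSS handling hook.
 *
 * <p><strong>Current behaviour: pass-through.</strong> The request is handed to the rest of the
 * chain unmodified; the only observable effect is the start/end log lines. The call that wrapped
 * the request in {@code XssHttpServletRequestWrapper} is disabled in {@link #doFilter}, so
 * registering this filter does not sanitize any parameter, header or body value. Do not count it
 * as an XSS control in a review or threat model while it is in this state.
 *
 * <p>Even with a sanitizing wrapper enabled, request-side filtering is only a secondary defence:
 * context-aware output encoding where data is rendered remains the primary control.
 *
 * <p>Created 2018/9/19 14:27.
 *
 * @author yyliu
 * @version 1.0
 */
public class XSSFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(XSSFilter.class);

    /**
     * Logs once at startup that the filter is registered without any sanitization, so the gap is
     * visible in deployment logs. No configuration is read from {@code filterConfig}.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        logger.warn("XSSFilter is registered but request sanitization is disabled; "
                + "requests pass through unchanged");
    }

    /**
     * Passes the request and response to the next element of the chain unchanged.
     *
     * <p>The former unconditional casts to {@code HttpServletRequest}/{@code HttpServletResponse}
     * were removed: their results were never used, and they would throw
     * {@code ClassCastException} for a non-HTTP request.
     *
     * @param request  incoming request, forwarded as-is
     * @param response outgoing response, forwarded as-is
     * @param filter   remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request,
                         ServletResponse response,
                         FilterChain filter) throws IOException, ServletException {
        logger.info("xss filter start ...");

        // NOTE(review): sanitization is disabled. The original intent was:
        //   filter.doFilter(new XssHttpServletRequestWrapper(req), response);
        // XssHttpServletRequestWrapper is not defined in this file; confirm it exists and what
        // it escapes before re-enabling, and cast only after an instanceof check.
        //
        // NOTE(review): a second disabled line set "SET-COOKIE: JSESSIONID=<id>; HttpOnly" by
        // hand. setHeader would replace any Set-Cookie header already on the response, and the
        // hand-built value carries no Secure or Path attribute. Prefer the container's session
        // cookie configuration (<cookie-config><http-only>true</http-only> in web.xml) over
        // rewriting the cookie here.
        filter.doFilter(request, response);

        // Not reached when the chain throws; the end line is informational only.
        logger.info("xss filter end .");
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }
}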
